Privacy & Security

FAQ(s)

• Where can I learn more information about the Equifax Cybersecurity Incident?
  Please visit https://www.equifaxsecurity2017.com for more information.
• Why do you need to know my income?
  Federal law requires us to consider your income when you apply for credit and before any credit limit increase.
• Do you really need my Social Security number?
  Yes. Federal law requires it. We also use it to verify your identity and obtain credit bureau information.
• What should I do if my Account information has been lost or stolen?
  Call Customer Care immediately at 1-866-308-0680 (TDD/TTY: 1-800-695-1788).
• I'm afraid of internet and email fraud. How am I protected?
  Protecting your privacy and Account security is important to us, which is why we use encryption technologies. Visit our Security pages to learn more about the security measures we use to safeguard you and your Account. Get FTC tips on minimizing your risk.
• Why should I select "remember my device?"
  Your privacy is important to us. When you sign in with a new or unrecognized device, we make sure it's you by sending a security code to your mobile phone or email address on file. "Remember My Device" lets you skip this step. We can remember up to 10 of your personal devices, such as phones, tablets, etc. For your protection, we suggest remembering only personal, not public, devices.
• Why do I need a verification code to sign in?

  If we don't recognize the device you're using, we need to confirm your identity before you can access your account. Sometimes we don't recognize your device because:

  • This is the first time you've logged into your Account
  • You're using a new computer or one you haven't used before 
  • You switched to a new internet browser (for instance, switching from Internet Explorer to Chrome)
  • You changed your internet browser settings or are using a private browsing mode
  • You deleted your cookies or cleared your cache
  • You modified your device, its operating system, or its software settings 
  • Your internet provider changed its system settings 
  • Your IP address may have changed
  • We can only remember up to 10 device and location combinations
• Do I need to update my password?
  You are not required to update your password, but it is a good idea to update your password at least every six months to protect your Account security and privacy.
• What is internet security and what are you doing to protect me?
  Internet security is a broad term used to describe how to prevent others from viewing, copying, or redirecting information sent to you. Visit our Security pages to learn more about the security measures we use to safeguard you and your Account.
• What is your privacy policy?
  Read a detailed description of our privacy policy, including how Comenity protects your personal information.
• I want to look at my Account online. Which browser should I use?
  For best display and functionality, please use the latest version of Microsoft Edge, Google Chrome or Safari. If you are having trouble with the way content is displaying on any of our pages, please make sure your browser is up to date.
• What is phishing, smishing, and vishing and how should I handle them?

  Phishing, smishing and vishing are all illegal methods of obtaining sensitive personal and financial information from you for fraudulent purposes. Phishing uses email, smishing uses text messages, and vishing uses voice telephone calls. These emails, texts and calls are often disguised as legitimate communication from your financial institution.

  Here are three simple steps to handle them:

  1. Stop. They typically include an alarming or enticing statement so you'll respond quickly. Resist the impulse to click a link, text back, or call a phone number until you've verified the authenticity of the message.
  2. Look. Review any claims made in the message and think about whether they make sense. Be extremely suspicious if the message asks you to provide personal information such as your Social Security or account number, user name or password.
  3. Call. If you're even the slightest bit unsure about the claim, do not respond. Instead, contact Customer Care at 1-866-308-0680 (TDD/TTY: 1-800-695-1788).
• When would Comenity call, text, or email me?

  Comenity Bank may call, text, or email you if your Account is past due, in response to Account questions or concerns, and with marketing and servicing emails. 

  • Phone:
    In a phone call we may ask you to verify your identity, but if you are ever unsure about whether the call is coming from Comenity Bank, please contact Customer Care at 1-866-308-0680 (TDD/TTY: 1-800-695-1788).
  • Text:
    We will never ask you to provide sensitive information via text. Comenity Bank may send texts to the mobile number on file to send verification codes or to contact you about an Account that is past due.
  • Email:
    We will never ask you to provide sensitive information via email. Comenity Bank may send marketing and servicing emails to the email address on file.
  • Secure Message Center:
    If you need to electronically send sensitive information about your Marathon Visa® Credit Card Account, please contact us via Secure Message Center. Look for a reply in your Secure Message inbox within 48 hours.